Dear Filip,

Thank you very much for your kind reply.

So if you are saying that you did not perform step#4 from above, then I can even try this and update about this (I remember trying without this also).

Secondly, the users I am picking up is from live Active Directory. I have taken such users for my test, which are already available in SAP HR system and their manager is already maintained. This is confirmed by HR team and I just have this information from them. Nothing else. I believe this information and moving ahead accordingly.

The problem I am facing is, in spite of doing above configurations, when I select user from Active Directory in access request submission form, the "MANAGER ID" field is not getting filled automatically.

After doing above configurations, I synchronized users from SAP HR system as well. But I could not see any manager id against employees in GRACUSER master table. I believe, these manager ids should be updated here in this table. I could see manager ids for employees in this table for LDAP connector. So, thinking that it should be available for SAP HR connector also.

Please help me resolve this!

Regards,

Faisal

Dear Faisal,

first thing I would check if a user from AD  (and his manager) have SAP system login assigned in infotype PA105 on HR system side. This is second required step (first user does have to exist and manager have to be assigned).

Second thing you will not be able to see it in GRACUSER table as this field is populated on-line during request creation, so for this reason there is no need to run any synchronization jobs.

Filip

Dear Flip,

Thank you very much for confirming that this manager id will not be available in GRACUSER table and synchronization is not required.

I have checked with HR team and it is confirmed that SAP system login is assigned to manager and the employee both.

Still it am unable to fetch and map manager id in request. Can you advise more on this?

Regards,

Faisal

Hi Faisal,

I assumed plug-in on HR system was installed, correct?

User details in spro is marked as HR, correct?

The issue we had was also on HR side, manager was not assigned as direct supervisor of the user. Please take a look at screen:

http://scn.sap.com/docs/DOC-44642 - Configure Manager Look-Up in ARM for GRC 10 by @Allessandro Banzer to ensure on HR side you have exacly the same view?

Also check out note:

Note 1609554 - How manager info is pulled from HR system into ARQ

Filip

Filip,

To both of your questions, the answer is "YES".

I followed the link you shared here and implemented the note also mentioned therein. However, I think I will sit now with HR team and show how it should be maintained as per the document in the link.

I will update you here soon.

Regards,

Faisal

Dear Filip,

I checked with HR team and asked them to maintain the details as mentioned in the document. They maintained it as it is. But still it is unable to pull manager id from HR system?

Either something is being missed here or this is system bug.

Any advise on this?

Regards,

Faisal

Claudio,

I was told that it is A002 and I used this with no luck. I also tried using B012 and keeping it blank for that connector. But did not work.

Not sure what I am missing. Unable to figure it out.

By the way, do I need to do mapping also for this?

Regards,

Faisal

Yes, both of them are there in back end system with SP#9.

I can some how say that, it is successfully picking details like first and last name and email id from HR system as this is the only system with sequence#1 maintained in User Details data source.

But not sure why this is not picking up manager id.

Not really sure where to look further. I even tried with mapping, but did not work.

Regards,

Faisal

Claudio,

Thanks once again for directing me. I will check this and get back to you.

Regards

Faisal

Claudio,

It is confirmed by our HR team that it is maintained in the same way.

I think I have to raise an OSS now. will do and update.

Regards,

Faisal

Claudio,

I think I am missing one thing. I need to set "Manager Lookup" to "YES". This is one of the actions suggested by Alessandro in his blog.

However, when I try to modify EUP ID 999 which is default, this field is grayed out and is not editable. Also, by default it is set to "NO". May I know who do I edit it?

Secondly, I copied the 999 to my custom number to modify and it is editable. I set it to "YES. But dont know how to make use of this personalization at the time of submitting a request.

This is very much possible to use at each stage level, where we can specify the EUP ID. However, I dont know how I can force initiator to make use of my customized access request form.

Any idea about this?

Regards,

Faisal

Claudio,

Thanks for your reply.

This issue is resolved

Configuration was absolutely fine as mentioned above. The only problem was with the authorization of RFC user I used in my configuration!

I was not aware of what authorizations have been assigned to this user in SAP HR system. I thought it has all the authorizations as I have in GRC system itself for this user. Actually, I had not got this user created in SAP HR system, therefore did not consider this in my analysis. I was thinking that it was configuration problem in GRC system.

So some times we miss such small things and have to suffer a lot!

Now I have given SAP_ALL in SAP HR system to this RFC user. It is fetching all managers properly.

Hope this helps others!

Regards,

Faisal